NimbostratusHi,
We are trying to deploy 5250 in our DMZ network and make use of VCMP feature to host both internal and external applications as two different guests (internal as one instance and external as another instance). I would like to know how secured is VCMP from the hypervisor perspective?if external instance gets compromised, how does F5 provide security on this? Please shed some light on this.
Thanks,
Sekhar
CirrusHello,
Firstly, an attacker should not be able to gain control of the Guest via the Data Plane (where you have selfip).
However, if an attacker gain access to the management plane, he will be able to try to connect to the host or the other guest in the standard mode. When using isolation mode, all guests are isolated from each others at the network level.
All resources are dedicated to every guest except the SSL and Compression cards that share resource accross every guest.
Moreover, you can turn your guest into appliance mode to strenghten the security.
Nimbostratus
NacreousHello,
Firstly, an attacker should not be able to gain control of the Guest via the Data Plane (where you have selfip).
However, if an attacker gain access to the management plane, he will be able to try to connect to the host or the other guest in the standard mode. When using isolation mode, all guests are isolated from each others at the network level.
All resources are dedicated to every guest except the SSL and Compression cards that share resource accross every guest.
Moreover, you can turn your guest into appliance mode to strenghten the security.
Nimbostratus